From 9be6aec6cf4a229ffe26f809bdf73d1c22c3ae3b Mon Sep 17 00:00:00 2001
From: "Roger A. Light" <roger@atchoo.org>
Date: Mon, 31 Jul 2023 23:36:40 +0100
Subject: [PATCH] Make tls keylog file user-readable only

---
 src/net.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/net.c b/src/net.c
index cf4a93f5..512beaa0 100644
--- a/src/net.c
+++ b/src/net.c
@@ -56,6 +56,7 @@ Contributors:
 #include "mosquitto_broker_internal.h"
 #include "mqtt_protocol.h"
 #include "memory_mosq.h"
+#include "misc_mosq.h"
 #include "net_mosq.h"
 #include "util_mosq.h"
 
@@ -333,7 +334,7 @@ static void tls_keylog_callback(const SSL *ssl, const char *line)
 	UNUSED(ssl);
 
 	if(db.tls_keylog){
-		fptr = fopen(db.tls_keylog, "at");
+		fptr = mosquitto__fopen(db.tls_keylog, "at", true);
 		if(fptr){
 			fprintf(fptr, "%s\n", line);
 			fclose(fptr);